Skip to Content

Researchers Find Security Cracks in Google Glass

Starting with Google Glass, wearable technology could usher in a new era of security weaknesses, researchers say.
July 17, 2013

Internet-connected devices are ripe for hacking—and it seems that wearable gadgets like Google’s forthcoming head-mounted computer, Glass, are no exception.

Marc Rogers, principal security researcher at mobile security startup Lookout, said this week that the company’s researchers examined Google Glass in May, looking for weaknesses that hackers could exploit. They soon focused on the fact that Google uses QR codes to let users configure Glass, and that whenever a Glass user takes a photo, the device searches for readable information (including QR codes).

The researchers learned that it was possible to use custom QR codes to get Glass to do things without the wearer’s knowledge, like quietly connect to a hacker-controlled wireless network. This could occur when the wearer takes a picture of a QR code on a poster or T-shirt, for example, believing the code to be benign.

Lookout detailed the weakness in a post on its blog on Wednesday, and released a short video explaining the problem.

The Lookout researchers found that by creating a QR code that caused Glass to connect to their own wireless access point, they could control traffic coming on and off the device, Rogers said. In theory, this would allow a hacker to spy on a user’s uploaded photos, or direct him to malware on the Web.

Similarly, the researchers found that a QR code could force Glass to connect via Bluetooth to a device of the researcher’s choosing, without the Glass wearer’s knowledge.

Though Lookout quickly reported the weakness to Google, and the search company fixed the problem within two weeks, it points to a larger problem: as everything from glasses to watches to thermostats become Internet-connected, those gadgets become vulnerable to malware and other security and privacy issues.

“I think bad guys will target wherever they feel the opportunity is,” said Rogers, noting that every popular computing platform has become a target for malware.

Rogers sees Google as a good test case for how such connected devices can be rolled out: before selling Glass next year to the general public, the company offered it to a limited group of testers, who are developing apps and finding bugs—a move the company says is intended to resolve problems in advance of general sales.

Because of this, Rogers expects that when Glass is released, Google will have not only fixed most of the “low-hanging” vulnerabilities, but will also be able to quickly fix any other issues that emerge.

Keep Reading

Most Popular

images created by Google Imagen
images created by Google Imagen

The dark secret behind those cute AI-generated animal images

Google Brain has revealed its own image-making AI, called Imagen. But don't expect to see anything that isn't wholesome.

AGI is just chatter for now concept
AGI is just chatter for now concept

The hype around DeepMind’s new AI model misses what’s actually cool about it

Some worry that the chatter about these tools is doing the whole field a disservice.

Hoan Ton-That, CEO of Clearview AI
Hoan Ton-That, CEO of Clearview AI

The walls are closing in on Clearview AI

The controversial face recognition company was just fined $10 million for scraping UK faces from the web. That might not be the end of it.

spaceman on a horse generated by DALL-E
spaceman on a horse generated by DALL-E

This horse-riding astronaut is a milestone in AI’s journey to make sense of the world

OpenAI’s latest picture-making AI is amazing—but raises questions about what we mean by intelligence.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.